User Information Security Awareness Quiz!

1. Which of the following would be the best password?

MySecret

Dp0si#Z$2

Abc123

Keyboard

The password "Dp0si#Z$2" would be the best choice because it is a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more complex and harder to guess or crack compared to the other options. The inclusion of special characters also adds an extra layer of security.

Explanation

The password "Dp0si#Z$2" would be the best choice because it is a combination of uppercase and lowercase letters, numbers, and special characters. This makes it more complex and harder to guess or crack compared to the other options. The inclusion of special characters also adds an extra layer of security.

2. What is a good way to create a password?

Your child or pet name.

Using numbers or symbols.

A combination of upper and lowercase letters along with numbers and symbols.

Using some common words from the dictionary.

A combination of upper and lowercase letters along with numbers and symbols is a good way to create a password because it increases the complexity and makes it more difficult for hackers to guess or crack the password. Using a combination of different character types adds an extra layer of security and makes the password stronger.

Explanation

A combination of upper and lowercase letters along with numbers and symbols is a good way to create a password because it increases the complexity and makes it more difficult for hackers to guess or crack the password. Using a combination of different character types adds an extra layer of security and makes the password stronger.

3. While receiving an email from an unknown contact that has an attachment, you:

Must open the attachment to view its contents.

Just delete the email.

Initially, forward the email to your co-workers to allow them to open the attachment first.

Forward the email to your personal email account, so you can open it at home.

Opening attachments from unknown contacts can be risky as they may contain malware or viruses that can harm your computer or compromise your personal information. It is always recommended to delete such emails to avoid any potential security threats.

Explanation

Opening attachments from unknown contacts can be risky as they may contain malware or viruses that can harm your computer or compromise your personal information. It is always recommended to delete such emails to avoid any potential security threats.

4. If you're not careful during Internet browsing, what can happen?

Spyware or Adware installation.

Browser Hijacking.

Information or identity theft.

All of the above.

If you're not careful during Internet browsing, several things can happen. Spyware or adware can be installed on your device without your knowledge or consent, which can track your online activities and display unwanted advertisements. Browser hijacking can also occur, where your browser settings are changed without your permission, redirecting you to malicious websites. Additionally, information or identity theft can happen, where hackers can steal your personal information, such as passwords or credit card details, leading to financial loss or unauthorized use of your identity. Therefore, all of the mentioned options are potential consequences of careless Internet browsing.

Explanation

If you're not careful during Internet browsing, several things can happen. Spyware or adware can be installed on your device without your knowledge or consent, which can track your online activities and display unwanted advertisements. Browser hijacking can also occur, where your browser settings are changed without your permission, redirecting you to malicious websites. Additionally, information or identity theft can happen, where hackers can steal your personal information, such as passwords or credit card details, leading to financial loss or unauthorized use of your identity. Therefore, all of the mentioned options are potential consequences of careless Internet browsing.

5. Why is it necessary for everyone to have a good understanding of Information Security policies and procedures?

It helps protect users from being victims of security incidents.

It provides an understanding of the patterns to follow in a security incident.

It helps to understand levels of responsibility.

All of the above.

Having a good understanding of Information Security policies and procedures is necessary for everyone because it helps protect users from being victims of security incidents. By knowing these policies and procedures, individuals can follow the proper patterns in case of a security incident, which can minimize the damage and help resolve the issue efficiently. Additionally, understanding Information Security policies and procedures also helps individuals understand their own levels of responsibility in maintaining security, ensuring that they are aware of their role in protecting sensitive information. Therefore, all of the given options are valid reasons why everyone should have a good understanding of Information Security policies and procedures.

Explanation

Having a good understanding of Information Security policies and procedures is necessary for everyone because it helps protect users from being victims of security incidents. By knowing these policies and procedures, individuals can follow the proper patterns in case of a security incident, which can minimize the damage and help resolve the issue efficiently. Additionally, understanding Information Security policies and procedures also helps individuals understand their own levels of responsibility in maintaining security, ensuring that they are aware of their role in protecting sensitive information. Therefore, all of the given options are valid reasons why everyone should have a good understanding of Information Security policies and procedures.

6. What is the proper use of email?

Do not email personal information.

Do send out price lists for your home-based business products.

Forward inspirational and humorous emails to your co-workers to brighten their day for entertainment.

Share an email with all your friends and co-workers to advertise a job opening in your area.

Email is a widely used form of communication, but it is important to use it properly and responsibly. One proper use of email is to not email personal information. This is because email is not a secure method of communication, and personal information can easily be intercepted or accessed by unauthorized individuals. To ensure the privacy and security of personal information, it is best to avoid sending it through email and instead use more secure methods such as encrypted messaging or secure file-sharing platforms.

Explanation

Email is a widely used form of communication, but it is important to use it properly and responsibly. One proper use of email is to not email personal information. This is because email is not a secure method of communication, and personal information can easily be intercepted or accessed by unauthorized individuals. To ensure the privacy and security of personal information, it is best to avoid sending it through email and instead use more secure methods such as encrypted messaging or secure file-sharing platforms.

7. A malicious user can rely on email or a webpage to launch a ____?

Phishing attacks.

Virus attacks.

Spyware.

All of the above.

A malicious user can use email or webpages as mediums to launch phishing attacks, virus attacks, or distribute spyware. Phishing attacks involve tricking individuals into revealing sensitive information, such as passwords or credit card details. Virus attacks involve spreading harmful software that can damage or disrupt computer systems. Spyware is malicious software that secretly collects information about a user's activities. Therefore, all three options are potential methods that a malicious user can employ to launch their attacks.

Explanation

A malicious user can use email or webpages as mediums to launch phishing attacks, virus attacks, or distribute spyware. Phishing attacks involve tricking individuals into revealing sensitive information, such as passwords or credit card details. Virus attacks involve spreading harmful software that can damage or disrupt computer systems. Spyware is malicious software that secretly collects information about a user's activities. Therefore, all three options are potential methods that a malicious user can employ to launch their attacks.

8. What can be done to avoid email viruses?

Try deleting an unexpected or unsolicited message.

Try using antivirus software to scan attachments before opening.

Try deleting similar messages that appear more than once in your Inbox.

All the above.

To avoid email viruses, it is recommended to delete unexpected or unsolicited messages as they may contain malicious attachments or links. Using antivirus software to scan attachments before opening them can also help identify and eliminate potential threats. Additionally, deleting similar messages that appear more than once in your Inbox can prevent accidentally clicking on a malicious email multiple times. Therefore, all the mentioned options can contribute to avoiding email viruses.

Explanation

To avoid email viruses, it is recommended to delete unexpected or unsolicited messages as they may contain malicious attachments or links. Using antivirus software to scan attachments before opening them can also help identify and eliminate potential threats. Additionally, deleting similar messages that appear more than once in your Inbox can prevent accidentally clicking on a malicious email multiple times. Therefore, all the mentioned options can contribute to avoiding email viruses.

9. What must be done if your password has been compromised?

Change your password.

Report the incident to the proper authorities - such as a system administrator(s).

Check other systems that you have accounts on as they may be compromised as well.

All the above.

If your password has been compromised, it is important to take immediate action to protect your accounts and personal information. Changing your password is crucial as it prevents unauthorized access to your accounts. Reporting the incident to the proper authorities, such as system administrators, helps them investigate and take appropriate measures to prevent further breaches. Additionally, checking other systems where you have accounts is necessary as the compromise of one account may indicate vulnerabilities in others. Therefore, all the mentioned actions should be taken to effectively address the situation.

Explanation

If your password has been compromised, it is important to take immediate action to protect your accounts and personal information. Changing your password is crucial as it prevents unauthorized access to your accounts. Reporting the incident to the proper authorities, such as system administrators, helps them investigate and take appropriate measures to prevent further breaches. Additionally, checking other systems where you have accounts is necessary as the compromise of one account may indicate vulnerabilities in others. Therefore, all the mentioned actions should be taken to effectively address the situation.

10. The initial step in Security Awareness is being able to ________ a security threat.

Avoid

Recognize

Challenge

Log

The initial step in Security Awareness is being able to recognize a security threat. This means having the ability to identify potential risks or dangers to the security of a system, network, or organization. By being able to recognize security threats, individuals can take appropriate actions to mitigate or address these threats, such as implementing security measures, reporting incidents, or seeking assistance from experts. Being aware of potential security threats is crucial in maintaining the safety and integrity of systems and data.

Explanation

The initial step in Security Awareness is being able to recognize a security threat. This means having the ability to identify potential risks or dangers to the security of a system, network, or organization. By being able to recognize security threats, individuals can take appropriate actions to mitigate or address these threats, such as implementing security measures, reporting incidents, or seeking assistance from experts. Being aware of potential security threats is crucial in maintaining the safety and integrity of systems and data.

11. Which statement most accurately describes the virus?

A program that is secretly installed onto your computer and makes copies of itself consumes your computer resources.

A program that protects your computer from hackers.

A program that is installed onto your computer monitors your internet use.

All of the above.

The correct answer describes a virus as a program that is secretly installed onto your computer and makes copies of itself, which ultimately consumes your computer resources. This definition accurately captures the nature of a virus, which is a type of malicious software that replicates itself and can cause harm to a computer system by consuming its resources. It does not protect the computer from hackers or monitor internet use, as those would typically be features of other types of software such as antivirus programs or monitoring tools.

Explanation

The correct answer describes a virus as a program that is secretly installed onto your computer and makes copies of itself, which ultimately consumes your computer resources. This definition accurately captures the nature of a virus, which is a type of malicious software that replicates itself and can cause harm to a computer system by consuming its resources. It does not protect the computer from hackers or monitor internet use, as those would typically be features of other types of software such as antivirus programs or monitoring tools.

12. Which of the following is a common delivery method for viruses?

Email

Instant Message

Internet download

Portable media

Portable media, such as USB drives or external hard drives, is a common delivery method for viruses. Malicious software can be unintentionally transferred to these devices and then spread to other computers when the infected media is connected to them.

However, it's worth noting that viruses can also be delivered through other means, and options A (Email), B (Instant Message), and C (Internet download) are also common vectors for the distribution of viruses and other malware. Users should exercise caution and implement security measures to protect against these various delivery methods.

Explanation

Portable media, such as USB drives or external hard drives, is a common delivery method for viruses. Malicious software can be unintentionally transferred to these devices and then spread to other computers when the infected media is connected to them.

However, it's worth noting that viruses can also be delivered through other means, and options A (Email), B (Instant Message), and C (Internet download) are also common vectors for the distribution of viruses and other malware. Users should exercise caution and implement security measures to protect against these various delivery methods.

13. Instant Messaging is safer than regular email.

True

False

The statement "Instant Messaging is safer than regular email" is false. While instant messaging may provide real-time communication, it is not necessarily safer than regular email. Both forms of communication can be vulnerable to security breaches, such as hacking or phishing attacks. The safety of any communication platform depends on various factors, including the security measures implemented by the service provider and the user's own practices, such as using strong passwords and being cautious of suspicious messages or links. Therefore, it is incorrect to claim that instant messaging is inherently safer than regular email.

Explanation

The statement "Instant Messaging is safer than regular email" is false. While instant messaging may provide real-time communication, it is not necessarily safer than regular email. Both forms of communication can be vulnerable to security breaches, such as hacking or phishing attacks. The safety of any communication platform depends on various factors, including the security measures implemented by the service provider and the user's own practices, such as using strong passwords and being cautious of suspicious messages or links. Therefore, it is incorrect to claim that instant messaging is inherently safer than regular email.

14. All of these are good physical security practices except?

When leaving work, always wear your security badge, even if it is for a break. It should also be worn outside of the office in public for other people to know where you work.

Control access to your office by ensuring the door is closed completely behind when entering and exiting from the area. Ensure that no one slips in behind you.

During a task in a public setting, avoid shoulder surfing by shielding your paperwork and keyboard from view using your body.

You must follow the Clear Desk and Screen Policy. Also, store confidential and sensitive items in a secure place.

Wearing your security badge outside of the office in public can compromise security by potentially revealing sensitive information about your workplace to unauthorized individuals. It's generally not advisable to display your security badge outside of the office environment to maintain confidentiality and security protocols.

Explanation

Wearing your security badge outside of the office in public can compromise security by potentially revealing sensitive information about your workplace to unauthorized individuals. It's generally not advisable to display your security badge outside of the office environment to maintain confidentiality and security protocols.

15. Which statement is true for the limited personal use policy?

Conducting business for personal gain.

Using company resources for political purposes.

Sending an occasional personal email.

Download music and video files.

The limited personal use policy allows employees to send occasional personal emails. This means that employees are allowed to use company resources, such as the email system, for personal reasons as long as it is not excessive or interfering with their work responsibilities. However, conducting business for personal gain, using company resources for political purposes, and downloading music and video files are not permitted under this policy.

Explanation

The limited personal use policy allows employees to send occasional personal emails. This means that employees are allowed to use company resources, such as the email system, for personal reasons as long as it is not excessive or interfering with their work responsibilities. However, conducting business for personal gain, using company resources for political purposes, and downloading music and video files are not permitted under this policy.

16. What is the biggest vulnerability to computer information security?

Instant Messaging, Peer-to-Peer (P2P) applications.

Malware - virus, worms, spyware.

Spam, Phishing attacks.

End Users.

End users are considered the biggest vulnerability to computer information security because they often lack awareness and understanding of proper security practices. They may fall victim to social engineering tactics, such as phishing attacks, where they unknowingly provide sensitive information to attackers. End users may also engage in risky behavior, such as clicking on suspicious links or downloading malicious attachments, which can lead to malware infections. Additionally, end users may not keep their software and devices updated, leaving them vulnerable to known security vulnerabilities. Overall, the actions and behaviors of end users can greatly compromise the security of computer systems and information.

Explanation

End users are considered the biggest vulnerability to computer information security because they often lack awareness and understanding of proper security practices. They may fall victim to social engineering tactics, such as phishing attacks, where they unknowingly provide sensitive information to attackers. End users may also engage in risky behavior, such as clicking on suspicious links or downloading malicious attachments, which can lead to malware infections. Additionally, end users may not keep their software and devices updated, leaving them vulnerable to known security vulnerabilities. Overall, the actions and behaviors of end users can greatly compromise the security of computer systems and information.

17. Which of the following life experiences might turn a trusted user into a malicious insider except:

Frustration with co-workers.

Stress.

Promotion.

Financial problems.

A promotion is unlikely to turn a trusted user into a malicious insider because it is generally seen as a positive life experience. A promotion often comes with increased responsibilities, recognition, and benefits, which can enhance job satisfaction and loyalty. It is more plausible for frustration with co-workers, stress, or financial problems to potentially lead a trusted user to become a malicious insider. These factors can contribute to feelings of resentment, dissatisfaction, or desperation, which might prompt someone to engage in harmful actions against their organization.

Explanation

A promotion is unlikely to turn a trusted user into a malicious insider because it is generally seen as a positive life experience. A promotion often comes with increased responsibilities, recognition, and benefits, which can enhance job satisfaction and loyalty. It is more plausible for frustration with co-workers, stress, or financial problems to potentially lead a trusted user to become a malicious insider. These factors can contribute to feelings of resentment, dissatisfaction, or desperation, which might prompt someone to engage in harmful actions against their organization.

18. What should everyone know about information security? (Select all that apply)

Computer security is part of everyone's job.

Verify everything! You need to verify that the website is real. Also, verify that the visitor belongs where you find them.

Report anything suspicious to your system administrator.

Do not ignore unusual computer functioning. It might be a sign of malware.

There is no wrong answer here! Also, everyone should know:

- Always use a strong password and protect their passwords.

- Practice safe computing during travel.

- Prevent the loss of data, either electronically or physically.

- Take care in sending emails and using IM tools.

- Take the appropriate actions to protect against viruses, phishing attempts, and spyware/adware installation at home and at work.

- Follow company usage policies.

Explanation

There is no wrong answer here! Also, everyone should know:

- Always use a strong password and protect their passwords.

- Practice safe computing during travel.

- Prevent the loss of data, either electronically or physically.

- Take care in sending emails and using IM tools.

- Take the appropriate actions to protect against viruses, phishing attempts, and spyware/adware installation at home and at work.

- Follow company usage policies.

Submit

19. Which of the following is a measure for preventing a social engineering attack except:

Do not give out computer or network information.

Do not complete confidential company tasks in an insecure setting.

Do not secure sensitive documents and media.

Do not give out personally identifiable information.

The correct answer is "Do not secure sensitive documents and media." This answer is incorrect because securing sensitive documents and media is actually a measure for preventing a social engineering attack. Social engineering attacks often involve tricking individuals into revealing sensitive information or gaining unauthorized access to confidential documents. By properly securing sensitive documents and media, such as through encryption, access controls, and physical safeguards, the risk of unauthorized access or disclosure is reduced, making it harder for attackers to exploit this information.

Explanation

The correct answer is "Do not secure sensitive documents and media." This answer is incorrect because securing sensitive documents and media is actually a measure for preventing a social engineering attack. Social engineering attacks often involve tricking individuals into revealing sensitive information or gaining unauthorized access to confidential documents. By properly securing sensitive documents and media, such as through encryption, access controls, and physical safeguards, the risk of unauthorized access or disclosure is reduced, making it harder for attackers to exploit this information.

20. What should be done if you think the email you received is a phishing attempt? (select all that apply)

Do not reply to the message.

Click the link so you can see what the site looks like.

Keep your system up to date, and install up-to-date antivirus and antispyware software.

Report the phishing email to the legitimate company or organization that has been spoofed.

If you suspect that an email is a phishing attempt, it's advisable not to reply to the message. Responding to a phishing email can confirm to the attacker that your email address is valid, leading to further phishing attempts.

Additionally, reporting the phishing email to the legitimate company or organization that has been spoofed (option D) is a recommended action. Legitimate organizations appreciate being informed about phishing attempts using their name, as it helps them take action to warn other users and potentially address the issue.

Options B and C are not recommended actions when dealing with a suspected phishing attempt. Clicking on links in a suspicious email may lead to malicious websites, and keeping your system up to date with antivirus and antispyware software is a general security practice but may not directly address a specific phishing email.

Explanation

If you suspect that an email is a phishing attempt, it's advisable not to reply to the message. Responding to a phishing email can confirm to the attacker that your email address is valid, leading to further phishing attempts.

Additionally, reporting the phishing email to the legitimate company or organization that has been spoofed (option D) is a recommended action. Legitimate organizations appreciate being informed about phishing attempts using their name, as it helps them take action to warn other users and potentially address the issue.

Options B and C are not recommended actions when dealing with a suspected phishing attempt. Clicking on links in a suspicious email may lead to malicious websites, and keeping your system up to date with antivirus and antispyware software is a general security practice but may not directly address a specific phishing email.

Submit